lbailly/config-perso
1
0
Fork 0
Code Pull requests Projects Releases Packages Activity

feat(wordpress): container

Browse source
This commit is contained in:
catvayor 2024-10-27 09:16:42 +01:00
parent 545b05ebe5
commit bc23fda1c2
Signed by: lbailly
GPG key ID: CE3E645251AC63F3
2 changed files with 128 additions and 68 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

126
kat/default.nix
View file

@ -15,6 +15,9 @@ with lib;
"${sources.disko}/module.nix"
];
options.kat = {
addArgs = mkEnableOption "the extra arguments" // {
default = true;
};
wireguardPubKey = mkOption {
type = types.str;
};
@ -26,71 +29,74 @@ with lib;
readOnly = true;
};
};
config = {
_module.args = {
ssh-keys = import ./ssh-keys { inherit lib; };
kat-path = ./.;
};
kat = {
anywhere = pkgs.writeShellApplication {
name = "anywhere-deploy_${name}.sh";
runtimeInputs = [ pkgs.nixos-anywhere ];
# --kexec ${nodes.kat-kexec.config.system.build.kexecTarball}/${nodes.kat-kexec.config.system.kexec-installer.name}-${pkgs.stdenv.hostPlatform.system}.tar.gz
text = ''
nixos-anywhere --store-paths ${config.system.build.diskoScriptNoDeps} ${config.system.build.toplevel} ${config.deployment.targetHost}
'';
config = mkMerge [
(mkIf config.kat.addArgs {
_module.args = {
ssh-keys = import ./ssh-keys { inherit lib; };
kat-path = ./.;
};
})
{
kat = {
anywhere = pkgs.writeShellApplication {
name = "anywhere-deploy_${name}.sh";
runtimeInputs = [ pkgs.nixos-anywhere ];
# --kexec ${nodes.kat-kexec.config.system.build.kexecTarball}/${nodes.kat-kexec.config.system.kexec-installer.name}-${pkgs.stdenv.hostPlatform.system}.tar.gz
text = ''
nixos-anywhere --store-paths ${config.system.build.diskoScriptNoDeps} ${config.system.build.toplevel} ${config.deployment.targetHost}
'';
};
};
};
boot = {
tmp.useTmpfs = true;
supportedFilesystems.bcachefs = mkDefault true;
kernelPackages = pkgs.linuxPackages_latest;
};
boot = {
tmp.useTmpfs = true;
supportedFilesystems.bcachefs = mkDefault true;
kernelPackages = pkgs.linuxPackages_latest;
};
networking = {
useNetworkd = true;
nftables.enable = true;
};
systemd.network.enable = true;
networking = {
useNetworkd = true;
nftables.enable = true;
};
systemd.network.enable = true;
nix = {
nixPath = [
"nixpkgs=${builtins.storePath pkgs.path}"
"nixos=${builtins.storePath pkgs.path}"
nix = {
nixPath = [
"nixpkgs=${builtins.storePath pkgs.path}"
"nixos=${builtins.storePath pkgs.path}"
];
channel.enable = false;
settings.nix-path = config.nix.nixPath;
package = pkgs.lix;
};
time.timeZone = mkDefault "Europe/Paris";
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = mkDefault "fr";
};
environment.systemPackages = with pkgs; [
tree
ranger
ripgrep
wget
git
lazygit
btop
screen
nix-search-cli
nix-output-monitor
];
channel.enable = false;
settings.nix-path = config.nix.nixPath;
package = pkgs.lix;
};
time.timeZone = mkDefault "Europe/Paris";
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = mkDefault "fr";
};
environment.systemPackages = with pkgs; [
tree
ranger
ripgrep
wget
git
lazygit
btop
screen
nix-search-cli
nix-output-monitor
];
services = {
resolved.enable = !config.boot.isContainer;
openssh.settings = {
ClientAliveInterval = 60;
ClientAliveCountMax = 1;
services = {
resolved.enable = !config.boot.isContainer;
openssh.settings = {
ClientAliveInterval = 60;
ClientAliveCountMax = 1;
};
};
};
};
}
];
}

70
machines/kat-orchid/default.nix
View file

@ -3,6 +3,9 @@
lib,
pkgs,
mods,
kat-path,
ssh-keys,
sources,
...
}:
{
@ -63,7 +66,10 @@
services.openssh.enable = true;
networking.firewall.enable = false;
networking.firewall.allowedTCPPorts = [
80
443
];
security.acme = {
acceptTerms = true;
@ -79,8 +85,12 @@
"orchid.katvayor.net" = {
enableACME = true;
forceSSL = true;
locations."/static/" = {
alias = "/srv/orchid/";
locations = {
"/static/".alias = "/srv/orchid/";
"/" = {
recommendedProxySettings = true;
proxyPass = "https://192.168.123.2/";
};
};
};
"simply-wise.fr" = {
@ -100,12 +110,56 @@
};
};
};
services.wordpress = {
webserver = "nginx";
sites."orchid.katvayor.net" = {
themes = { inherit (pkgs.wordpressPackages.themes) twentytwentythree; };
containers.wordpress =
let
inherit (config.security.acme) certs;
in
{
privateNetwork = true;
bindMounts.certs = {
hostPath = certs."orchid.katvayor.net".directory;
mountPoint = certs."orchid.katvayor.net".directory;
isReadOnly = true;
};
hostAddress = "192.168.123.1";
localAddress = "192.168.123.2";
autoStart = true;
specialArgs = {
inherit kat-path ssh-keys sources;
};
config = {
imports = [ kat-path ];
kat.addArgs = false;
boot.kernel.enable = false;
systemd.network.enable = lib.mkForce false;
networking.firewall.allowedTCPPorts = [
80
443
];
services = {
nginx = {
enable = true;
virtualHosts."orchid.katvayor.net" = {
addSSL = true;
sslCertificate = "${certs."orchid.katvayor.net".directory}/fullchain.pem";
sslCertificateKey = "${certs."orchid.katvayor.net".directory}/key.pem";
sslTrustedCertificate = "${certs."orchid.katvayor.net".directory}/chain.pem";
};
};
openssh.enable = true;
wordpress = {
webserver = "nginx";
sites."orchid.katvayor.net" = {
themes = {
inherit (pkgs.wordpressPackages.themes) twentytwentythree;
};
};
};
};
environment.systemPackages = [ pkgs.wp-cli ];
system.stateVersion = "24.11";
};
};
};
fileSystems."/home/orchid/content/www" = {
device = "/srv/orchid";
options = [ "bind" ];